This script will compare the list of documented F5 Distributed Cloud TLS and Cipher versions with the TLS version and Ciphers from an sslscan xml output. This is used to find the maximum TLS values between F5 Distributed Cloud and a backend origin server.
This script will not compare TLS 1.3 Cipher groups.
From March 2023:
google.xml #google.com
nginx.xml #nginx.org
xc-high.xml #F5 Distributed cloud load balancer configured to High
xc-medium.xml #F5 Distributed cloud load balancer configured to Medium
xc-low.xml #F5 Distributed cloud load balancer configured to Low- Python 3.x
- xctlsratings.csv file containing the supported TLS Versions and Ciphers support on XC.
- xml output from sslscan
- Ensure Python 3.x is installed on your system.
- Clone this repository or download the
f5xcsslcheck.pyscript.
- Run sslscan on the desired domain and save the output in XML format:
sslscan <domainname> --xml=<xml_file_path>- Run the
f5xcsslcheck.pyscript with the path to the sslscan XML output file as an argument:
python f5xcsslcheck.py <xml_file_path>- The script will display the list of matching ciphers along with their SSL/TLS version.
sslscan example.com --xml=sslscan_example_com.xml python f5xcsslcheck.py sslscan_example_com.xmlSSL/TLS Version,Cipher,Rating
TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,High
TLSv1.2,ECDHE-RSA-AES256-GCM-SHA384,HighIf your xctlsratings.csv file is not in the same directory as the f5xcsslcheck.py script, you need to update the ratings_file_path variable in the script with the correct path to the file.